Generating a certificate signing request
The req command is used to generate a CSR. The most basic form of this command specifies the name of the key file you created in the previous step and the name of the output file, which must have a *.csr extension.
The following example also includes the -SHA256 option, which creates a certificate using the SHA256 signature algorithm.
OpenSSL> req -new -key key-filename.pem -out cert.csr -SHA256
$ openssl req -new -key key-filename.pem -out cert.csr -SHA256
When you enter the command, you will be prompted to provide the following information. This information is used to create a distinguishing name (DN) for the certificate.
- The two-letter code for your country, such as US or DE
- The full name of your state or province
- Your city or town
- The name of your organization
- The name of the unit within your organization
- Your name or the host name of the system
- Your email address
- A challenge password – This is not related to the password you assigned when creating the private key. Leave blank unless you understand when and how to use it.
- Company name – Optional